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[6] 7. In FIG. 4, path 242, at some later time, the merchant 
submits the authorization token in a capture request to the 
acquirer's payment gateway. The capture request tells the 
acquirer to actually post the charge to the consumer's credit or 
debit account. 5 

The difference between this and the base design is that the 
issuer gateway sends the authorization token directly to the 
merchant, instead of relaying it through the consumer wallet. 
The primary advantage of this design is that it matches a 
"thin" wallet design by moving responsibility for error 10 
recovery to the issuer gateway. The disadvantage is that the 
consumer wallet (and hence the consumer) has less oppor-. 
tunity to be aware of the progress of the payment. 

The principle of operation of the invention applies to both 
non-interactive internet communications such as email, as 15 
well as to interactive applications such as the World Wide 
Web. The method of the invention includes the step of 
sending from a consumer's computer to an issuer gateway 
for an issuing bank, an authorization request message con- 
taining consumer identity and authentication information, 20 
payment amount, an order description, a timestamp, a digital 
certificate representing a merchant, and a digital certificate 
representing the merchants acquiring bank. Then the method 
continues with the merchant's digital certificate containing a 
merchant identifier unique for the acquiring bank. Then the 25 
method continues with the acquiring bank's digital certifi- 
cate containing a bank identifier unique among all banks 
sharing a common financial arrangement. Then the method 
continues with the step of validating at the issuer gateway 
the merchant's certificate and the acquirer's certificate to 30 
prove that the merchant, acquirer, and issuer share a com- 
mon financial arrangement. Then the method continues with 
the step of the issuer gateway verifying the consumer's 
account and ensuring that funds and/or credit are available 
to support the payment amount, then authorizing payment 35 
by sending over the internet network an authorization token, 
an issuer's digital certificate, and a reference to the consum- 
er's credit or debit card number. Then the method continues 
with the authorization token including the payment amount, 
order description, timestamp, a random nonce, the merchant 40 
identifier from the merchant's digital certificate, and the 
acquiring bank identifier from the acquiring bank's digital 
certificate, plus a reference to the consumer's credit or debit 
card number. Then the method continues with the authori- 
zation token being digitally signed by the issuing bank. Then 45 
the method continues with the step of the merchant's com- 
puter receiving the authorization token and fulfilling the 
order description. 

The method can include the feature of sending from a 
merchant's computer over an internet network to a consum- so 
er's computer, a merchant message including a wallet ini- 
tiation message, a merchant digital certificate, and a digital 
certificate from an acquiring bank, the wallet initiation 
message including a payment amount, an order description, 
and a timestamp. Then the method starts a consumer's wallet 55 
program in the consumer's computer in response to the 
wallet initiation message. Then the consumer's wallet pro- 
gram sends the authorization request message. 

The method can include the feature of including with the 
wallet initiation message a merchant's digital signature of 60 
the wallet initiation message, including the wallet initiation 
message and the merchant's digital signature in the autho- 
rization request message, and verifying at the issuer gateway 
the merchant's signature to prove that the consumer is 
dealing with the actual merchant. 65 

The merchant's computer can perform the steps of receiv- 
ing the authorization token, verifing the issuer's signature, 
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digital certificate, the payment amount and merchant iden- 
tity in the authorization token, verifying the freshness of the 
authorization token via the timestamp in the token, using the 
nonce in the authorization token to recognize duplicate 
5 tokens, and fulfilling the order description. 

The merchant can claim payment through the acquiring 
bank by forwarding the customer reference number and 
payment amount to the acquiring bank. In the case of a 
subsequent dispute, the merchant proves payment authori- 
10 zation by submitting a copy of the authorization token and 
issuer's digital certificate to the acquiring bank. The acquir- 
ing bank verifies the issuer's signature on the authorization 
token, validates the issuer's digital certificate, checks for 
duplicates via the timestamp in the authorization token, and 
15 then the acquiring bank pays the amount indicated in the 
authorization token. 

The authorization request message and authorization 
token can include a hash of an order description instead of 
the actual order description, the order description itself being 
20 available separately at the merchant, the merchant validating 
that the authorization token refers to the same order descrip- 
tion by comparing the hash of the order description in the 
authorization token against a locally-computed hash of the 
same order description. 
25 Although specific embodiments of the invention have 
been disclosed, it will be understood by those skilled in the 
art that changes can be made to those specific embodiments 
without departing from the spirit and the scope of the 
invention. 
30 What is claimed is: 

1. A method for electronic commerce, comprising: 
forming a four party payment protocol for electronic sales 
including a consumer's computer coupled to a mer- 
chant's computer and to an issuing bank computer via 
3 5 an issuer gateway, the merchant computer being further 
coupled to an acquiring bank computer; 
sending from a merchant's computer over an internet 
network to a consumer's computer, a merchant mes- 
sage including a wallet initiation message, a merchant 
40 digital signature, and a digital certificate from an 
acquiring bank, said wallet initiation message including 
a payment amount, an order description, and a times- 
tamp; 

starting a consumer's wallet program in said consumer's 
computer in response to said wallet initiation message; 
sending from said consumer's computer consumer iden- 
tity and authentication information and said merchant 
message, to an issuer gateway for an issuing bank; 

50 the issuing bank creating a reference number or value 
representing the consumer's credit or debit card num- 
ber by repairing a table of credit card or debit card 
numbers and a corresponding table of reference 
numbers, the issuing bank pairing the consumer's card 

55 number with a selected reference number and output- 
ting the reference number to the issuer gateway; 
verifying at said issuer gateway said merchant's signature 
to prove that the consumer is dealing with the actual 
merchant and validating at said issuer gateway the 

60 merchant's certificate and the acquirer's certificate to 
prove that the merchant and issuer share a common 
financial arrangement; 
said issuer gateway verifying the consumer's account and 
ensuring that funds and/or credit are available to sup- 

65 port the payment amount, then authorizing payment by 
sending to the consumer over said internet network an 
authorization token, an issuer's digital certificate, said 
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wallet initiation message, and a reference to said con- 
sumer's credit or debit card number; 

said authorization token including the payment amount, 
order description, timestamp, a random nonce plus a 
merchant identifier and a reference to the consumer's 
credit or debit card number; and 

said merchant's computer receiving said authorization 
token and fulfilling said order description. 

2. The method for electronic commerce of claim 1, which 
further comprises: 

sending from said consumer's computer a start message 
over the internet network to the merchants computer, to 
initiate said merchant's message. 

3. The method for electronic commerce of claim 1, 
wherein said wallet initiation message includes a nonce. 

4. The method for electronic commerce of claim 1, 
wherein said merchant's computer further performs the steps 
comprising: 

receiving said authorization token; 

verifying the issuer's signature, digital certificate, the 
payment amount and merchant identity in the authori- 
zation token; 

verifying the freshness of the authorization token via the 

timestamp in the token; 
using the nonce in the authorization token to recognize 

duplicate tokens; and 
fulfilling said order description. 

5. The method for electronic commerce of claim 1, 
wherein said consumer identity and authentication informa- 
tion is a userid and a password. 

6. The method for electronic commerce of claim 1, 
wherein said consumer identity and authentication informa- 
tion is an ATM debit card number and PIN. 

7. The method for electronic commerce of claim 1, 
wherein said consumer identity and authentication informa- 
tion is a smart card's account number and a symmetric 
Message Authentication Code (MAC). 

8. The method for electronic commerce of claim 1, 
wherein said consumer identity and authentication informa- 
tion is a smart card's account number and an asymmetric 
digital signature. 

9. The method for electronic commerce of claim 1, 
wherein said consumer identity and authentication informa- 
tion is a consumer's digital signature and digital certificate. 

10. The method for electronic commerce of claim 1, 
wherein said authorization token includes a dummy card 
number for use in routing payment to an appropriate one of 
a plurality of issuing banks; 

said dummy card number being shared among all card- 
holders of a particular issuing bank. 

11. The method for electronic commerce of claim 1, 
wherein said consumer identity and authentication informa- 
tion is a consumer's digital certificate and matching asym- 
metric digital signature. 

12. The method for electronic commerce of claim 1, wherein 
said consumer identity and authentication information is a [is 
a] user account number and a symmetric MAC or asymmetric 
digital signature. 

13. The method for electronic commerce of claim 1, wherein 
said consumer identity and authentication information is a [is 
a] user account number and an asymmetric digital signature. 

14. The method for electronic commerce of claim 1, 
wherein said consumer identity information is a consumer's 
biometric signal. 

15. The method for electronic commerce of claim 1, 
wherein said issuer gateway sends said authorization token 
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to said consumer, and the consumer forwards said authori- 
zation token to said merchant. 

16. The method for electronic commerce of claim 1, 
wherein said issuer gateway sends said authorization token 
directly to said merchant. 

17. The method for electronic commerce of claim 1, 
wherein said reference to said credit card is an alias card 
number that is mapped at the issuing bank to the real card 
number, thereby preventing use of the consumer's credit 
card number without said authorization token. 

18. The method for electronic commerce of claim 1, 
wherein said reference to said card is an authorization 
number allocated uniquely by the issuer gateway for each 
authorization, enabling it to be passed by an acquirer gate- 
way back to the issuing bank in a capture message; 

said issuing bank maintaining a database mapping autho- 
rization numbers to card numbers, so that when the 
issuing bank receives the capture message, it uses the 
database mapping to determine the consumer's card 
number. 

19. The method for electronic commerce of claim 1, 
which further comprises: 

a digital certificate hierarchy that covers issuing banks, 
acquiring banks, and merchants. 

20. The method for electronic commerce of claim 19, 
wherein said certificate hierarchy is used with public -key 
digital signatures to identify said merchant and said issuing 
bank. 

21. The method for electronic commerce of claim 20, 
wherein said certificates represent common financial agree- 
ments and obligations among said merchant and said issuing 
bank. 

22. The method for electronic commerce of claim 21, 
wherein the issuing bank certificates identify and help 
authenticate issuing banks to merchants, providing a basis 
for the merchants to trust the authorization tokens provided 
by the issuing banks. 

23. The method for electronic commerce of claim 22, 
wherein an acquiring bank certificate and a merchant cer- 
tificate identify and help authenticate said acquiring bank 
and said merchant to issuing banks; 

said merchant certificate identifying the merchant to the 
consumer and verifying that the merchant is a valid 
participant of a payment scheme, before the issuing 
bank provides said authorization token. 

24. The method for electronic commerce of claim 1 , wherein 
split shipments are supported by an additional message 
interaction between the merchant and issuer gateway, 
comprising: 

the merchant sending the authorization token to the issuer 
gateway identified in the issuer's digital certificate, including 
details of a split requirement, such as the amount of a first 
payment, the merchant authenticating the request by signing it 
and including the merchant's digital certificate; 
the issuer gateway verifying that the merchant signing message 
is the same merchant that signed an original request, verifying 
the split request according to business and risk management 
policies, and responding with a new authorization token in a 
message to the merchant; 

the merchant forwarding the new authorization token in a 
capture message the acquirer gateway; 

the merchant resubmitting the new authorization token to the 
acquirer gateway [m] in a second message, whenever the 
merchant has shipped a second part of the shipment. 
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25. The method for electronic commerce of claim 1, 
comprising: 

the issuer offering the consumer a payment schedule 
conditioned on the merchant name from the merchant's 
digital certificate and the amount of payment from the 5 
initiation message. 

26. The method of claim 1 further comprising: 
sending a capture request message including the reference 

number representing the consumer's card number over 
the internet from the merchant to an acquirer gateway 10 
operating on behalf of an acquirer bank to capture the 
transaction and disburse payment to the merchant. 

27. The method of claim 1 further comprising the step of: 
settling accounts with the issuing bank by the acquiring 5 

bank over a private network by sending a settlement 
message that includes the reference number to the 
consumer's card number. 

28. The method of claim 1 further comprising the step of 
converting the reference number into the consumer's card 2 o 

number by the issuing bank and applying the transac- 
tion amount to the consumer's balance in his credit card 
or deposit account. 

29. The method of claim 1 further comprising the step of: 
proving that the issuing bank authorized the payment to 25 

the merchant by the combination of the issuing bank's 
signature on the authorization token, digital certificate, 
and the contents of the authorization token, providing 
undeniable proof that the issuing bank authorized the 
payment. 30 

30. A system for electronic commerce, comprising: 
connecting apparatus which forms a four party payment 

protocol for electronic sales including a consumer's 
computer coupled to a merchant's computer and to an 
issuing bank computer via an issuer gateway, the mer- 35 
chant computer being further coupled to an acquiring 
bank computer; 

the merchant's computer sending over an internet network 
to the consumer's computer, a merchant message 
including a wallet initiation message, a merchant digi- 40 
tal signature, and a digital certificate from an acquiring 
bank, said wallet initiation message including a pay- 
ment amount, an order description, and a timestamp; 

the consumer's wallet program in said consumer's com- ^ 
puter responsive to said wallet initiation message, for 
sending from said consumer's computer consumer 
identity and authentication information and said mer- 
chant message, to the issuer gateway for an issuing 
bank: 

. . 50 

the issuing bank creating a reference number or value 
representing the consumer's credit or debit card num- 
ber by preparing a table of credit card or debit card 
numbers and a corresponding table of reference 
numbers, the issuing bank pairing the consumer's card ^ 
number with a selected reference number and output- 
ting the reference number to the issuer gateway;. 

the issuer gateway verifying said merchant's signature to 
prove that the consumer is dealing with the actual 
merchant and validating at said issuer gateway the 6 o 
merchant's certificate and the acquirer's certificate to 
prove that the merchant and issuer share a common 
financial arrangement; 

said issuer gateway verifing the consumer's account and 
ensuring that funds and/or credit arc available to sup- 65 
port the payment amount, then authorizing payment by 
sending over said internet network an authorization 
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token, an issuer's digital certificate, said wallet initia- 
tion message, and a reference to said consumer's credit 
or debit card number; 

said authorization token including the payment amount, 
order description, timestamp, a random nonce plus a 
merchant identifier and a reference to the consumer's 
credit or debit card number; 

said merchant's computer receiving said authorization 
token and fulfilling said order description; and 

said merchant sending a capture request message includ- 
ing the reference number representing the consumer's 
card number over the internet to an acquirer gateway 
operating on behalf of an acquirer bank to capture the 
transaction and disburse payment to the merchant. 

31. A computer program product, comprising: 

computer program code forming a four party payment 
protocol for electronic sales including a consumer's 
computer coupled to a merchant's computer and to an 
issuing bank computer via an issuer gateway, the mer- 
chant computer being further coupled to an acquiring 
bank computer; 

computer program code means for sending from the 
merchant's computer over an internet network to the 
consumer's computer, a merchant message including a 
wallet initiation message, a merchant digital signature, 
and a digital certificate from an acquiring bank, said 
wallet initiation message including a payment amount, 
an order description, and a timestamp; 

computer program code means for starting a consumer's 
wallet program in said consumer's computer in 
response to said wallet initiation message; 

computer program code means for sending from said 
consumer's computer consumer identity and authenti- 
cation information and said merchant message, to the 
issuer gateway for an issuing bank; 

computer program code at the issuing bank creating a 
reference number or value representing the consumer's 
credit or debit card number by preparing a table of 
credit card or debit card numbers and a corresponding 
table of reference numbers, the issuing bank pairing the 
consumer's card number with a selected reference 
number and outputting the reference number to the 
issuer gateway; 

computer program code verifying at said issuer gateway 
said merchant's signature to prove that the consumer is 
dealing with the actual merchant and validating at said 
issuer gateway the merchant's certificate and the 
acquirer's certificate to prove that the merchant and 
issuer share a common financial arrangement; 

said issuer gateway verifying the consumer's account and 
ensuring that funds and/or credit are available to sup- 
port the payment amount, then authorizing payment by 
sending over said internet network an authorization 
token, an issuer's digital certificate, said wallet initia- 
tion message, and a reference to said consumer's credit 
or debit card number; 

said authorization token including the payment amount, 
. order description, timestamp, a random nonce plus a 
merchant identifier and a reference to the consumer's 
credit or debit card number; 

said merchant's computer receiving said authorization 
token and fulfilling said order description; and 

computer program code at the acquiring bank settling 
accounts with the issuing bank over a private network 
by sending a settlement message that includes the 
reference number to the consumer's card number. 
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32. A data processing system for electronic commerce, 
comprising: connecting apparatus which forms a four party 
payment protocol for electronic sales including a consumer's 
computer coupled to a merchant's computer and to an issuing 
bank computer via an issuer gateway, the merchant computer 
being further coupled to an acquiring bank computer; 

sending apparatus which sends from a merchant's computer 
over an internet network to a consumer's computer, a merchant 
message including a wallet initiation message, a merchant 
digital signature, and a digital certificate from an acquiring 
bank, said wallet initiation message including a payment 
amount, an order description, and a timestamp; 

means for starting a consumer's wallet program in said 
consumer's computer in response to said wallet initiation 
message; 

means for sending from said consumer's computer consumer 
identity and authentication information and said merchant 
message, to an issuer gateway for an issuing bank; 

the issuing bank creating a reference number or value 
representing the consumer's credit or debit card number by 
preparing a table of credit card or debit card numbers and a 
corresponding table of reference numbers, the issuing bank 
pairing the consumer's card number with a selected reference 
number and outputting the reference number to the issuer 
gateway; 

means for verifying at said issuer gateway said merchant's 
signature to prove that the consumer is dealing with the actual 
merchant and validating at said issuer gateway the merchant's 
certificate and the acquirer's certificate to prove that the 
merchant and issuer share a common financial arrangement; 

said issuer gateway verifying the consumer's account and 
ensuring that [finds] funds and/or credit are available to 
support the payment amount, then authorizing payment by 
sending over said internet network an authorization token, an 
issuer's digital certificate, said wallet initiation message, and a 
reference to said consumer's credit or debit card number; 

said authorization token including the payment amount, order 
description, timestamp, a random nonce plus a merchant 
identifier and a reference to the consumer's credit or debit card 
number; 

said merchant's computer receiving said authorization token 
and fulfilling said order description; and 

the issuing bank converting the reference number into the 
consumer's card number and applying the transaction amount 
to the consumer's balance in his credit card or deposit account. 

33. The data processing system for electronic commerce 
of claim 32, which further comprises: 

means for sending from said consumer's computer a start 
message over the internet network to the merchant's 
computer, to initiate said merchant's message. 

34. The data processing system for electronic commerce 
of claim 32, wherein said wallet initiation message includes 
a nonce. 

35. The data processing system for electronic commerce 
of claim 32, wherein said merchant's computer further 
comprises: 

means for receiving said authorization token; 

means for verifying the issuer's signature, digital 

certificate, the payment amount and merchant identity 

in the authorization token; 



22 

means for verifying the freshness of the authorization 

token via the timestamp in the token; 
means for using the nonce in the authorization token to 

recognize duplicate tokens; and 
means for fulfilling said order description. 
36. The data processing system for electronic commerce 
of claim 32, wherein said reference to said credit card is a 
consumer credit or debit account number. 
37. A method for electronic commerce, comprising[;] : 

forming a four party payment protocol for electronic sales 
including a consumer's computer coupled to a merchant's 
computer and to an issuing bank computer via an issuer 
gateway, the merchant computer being further coupled to an 
acquiring bank computer; 

sending from a merchant's computer over an internet network 
to a consumer's computer, a merchant message including a 
wallet initiation message, a merchant digital signature, and a 
digital certificate from an acquiring bank, said wallet initiation 
message including a payment amount, an order description, and 
a timestamp; 

said acquiring bank's digital certificate containing a network 
address or URL that identifies the network location of said 
acquiring bank contacted via an internet network as part of a 
payment protocol; 

starting a consumer's wallet program in said consumer's 
computer in response to said wallet initiation message; 

sending from said consumer's computer consumer identity and 
authentication information and said merchant message, to an 
issuer gateway for an issuing bank; 

the issuing bank creating a reference numbeT or value 
representing the consumer's credit or debit card number by 
preparing a table of credit card or debit card numbers and a 
corresponding table of reference numbers, the issuing bank 
pairing the consumer's card number with a selected reference 
number and outputting the reference number to the issuer 
gateway; 

verifying at said issuer gateway said merchant's signature to 
prove that the consumer is dealing with the actual merchant 
and validating at said issuer gateway the merchant's certificate 
and the acquirer's certificate to prove that the merchant and 
issuer share a common financial arrangement; 

said issuer gateway verifying the consumer's account and 
ensuring that funds and/or credit are available to support the 
payment amount, then authorizing payment by sending over 
said internet network an authorization token, an issuer's digital 
certificate, said wallet initiation message, and a reference to 
said consumer's credit or debit card number; 

said issuer's digital certificate containing a network address or 
URL that identifies the network location of the issuer contacted 
via an internet network as part of a payment protocol; 

said authorization token including the payment amount, order 
description, timestamp, a random nonce plus a merchant 
identifier and a reference to the consumer's credit or debit card 
number; 

said merchant's computer receiving said authorization token 
and fulfilling said order description; 

said merchant sending a capture request message including the 
reference number representing the consumer's card number 
over the internet to an acquirer gateway operating on behalf of 
an acquirer bank to capture the transaction and disburse 
payment to the merchant; 
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the acquiring bank settling accounts with the issuing bank over 
a private network by sending a settlement message that 
includes the reference number to the consumer's card number; 
and 

the issuing bank converting the reference number into the 
consumer's card number and applying the transaction amount 
to the consumer's balance in his credit card or deposit account. 

38. A method for electronic commerce, comprising: 
forming a four party payment protocol for electronic sales 

including a consumer's computer coupled to a mer- 
chant's computer and to an issuing bank computer via 
an issuer gateway, the merchant computer being further 
coupled to an acquiring bank computer; 

sending from the consumer's computer consumer to an 
issuer gateway for an issuing bank, an authorization 
request message containing consumer identity and 
authentication information, payment amount, an order 
description, a timestamp, a digital certificate represent- 
ing a merchant, and a digital certificate representing the 
merchant's acquiring bank; 

said merchant's digital certificate containing a merchant 
identifier unique for the acquiring bank; 

said acquiring bank's digital certificate containing a bank 
identifier unique among all banks sharing a common 
financial arrangement; 

validating at said issuer gateway the merchant's certificate 
and the acquirer's certificate to prove that the merchant, 
acquirer, and issuer share a common financial arrange- 
ment; 

said issuer gateway verifying the consumer's account and 
ensuring that funds and/or credit are available to sup- 
port the payment amount, then authorizing payment oy 
sending over said internet network an authorization 
token, an issuer's digital certificate, and a reference to 
said consumer's credit or debit card number; 

said authorization token including the payment amount, 
order description, timestamp, a random nonce, said 
merchant identifier from the merchant's digital 
certificate, and said acquiring bank identifier from said 
acquiring bank's digital certificate, plus a reference to 
the consumer's credit or debit card number; 

said authorization token being digitally signed by the 
issuing bank; 

said merchant's computer receiving said authorization 
token and fulfilling said order description 

said merchant sending a capture request message includ- 
ing the reference number representing the consumer's 
card number over the internet to an acquirer gateway 
operating on behalf of an acquirer bank to capture the 
transaction and disburse payment to the merchant; 

the acquiring bank settling accounts with the issuing bank 
over a private network by sending a settlement message 
that includes the reference number to the consumer's 
card number; and 

the issuing bank converting the reference number into the 
consumer's card number and applying the transaction 
amount to the consumer's balance in his credit card or 
deposit account. 

39. The method for electronic commerce of claim 38, 
which further comprises: 

sending from a merchant's computer over an internet 
network to a consumer's computer, a merchant mes- 
sage including a wallet initiation message, a merchant 
digital certificate, and a digital certificate from an 
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acquiring bank, said wallet initiation message including 
a payment amount, an order description, and a times- 
tamp; 

starting a consumer's wallet program in said consumer's 
computer in response to said wallet initiation message; 

said consumer's wallet program sending the authorization 
request message. 

40. The method for electronic commerce of claim 39, 
which further comprises: 

including with the wallet initiation message a merchant's 
digital signature of the wallet initiation message; 

including the wallet initiation message and said mer- 
chant's digital signature in the authorization request 
message; 

verifying at said issuer gateway said merchant's signature 
to prove that the consumer is dealing with the actual 
merchant. 

41. The method for electronic commerce of claim 40, 
which further comprises: 

sending from said consumer's computer a start message 
over the internet network to the merchant's computer, 
to initiate said merchant's message. 

42. The method for electronic commerce of claim 40, 
wherein said wallet initiation message includes a nonce. 

43. The method for electronic commerce of claim 40, 
wherein said merchant's computer further performs the steps 
comprising: 

receiving said authorization token; 

verifying the issuer's signature, digital certificate, the 
payment amount and merchant identity in the authori- 
zation token; 

verifying the freshness of the authorization token via the 

timestamp in the token; 
using the nonce in the authorization token to recognize 

duplicate tokens; and 
fulfilling said order description. 

44. The method for electronic commerce of claim 38, 
wherein the merchant claims payment through the acquiring 
bank by forwarding the customer reference number and 
payment amount to the acquiring bank. 

45. The method for electronic commerce of claim 44, [where 
in l wherein the case of a subsequent dispute, the merchant 
proves payment authorization by submitting a copy of the 
authorization token and issuer's digital certificate to the 
acquiring bank. 

46. The method for electronic commerce of claim 38, 
wherein the merchant claims payment through the acquiring 
bank by forwarding the authorization token and issuer's 
digital certificate to the acquiring bank; 

the acquiring bank verifying the issuer's signature on the 
authorization token, validating the issuer's digital 
certificate, checking for duplicates via the timestamp in 
the authorization token; and the acquiring bank paying 
the amount indicated in the authorization token. 

47. The method for electronic commerce of claim .38, 
wherein said authorization request message and authoriza- 
tion token includes a hash of an order description instead of 
the actual order description, the order description itself being 
available separately at the merchant, the merchant validating 
that the authorization token refers to the same order descrip- 
tion by comparing the hash of the order description in the 
authorization token against a locally-computed hash of the 
same order description. 

48. The method for electronic commerce of claim 38, 
wherein said reference to said credit card is a consumer 
credit or debit account number. 
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49. The method for electronic commerce of claim 48, 
wherein the confidentiality of said credit or debit account 
number is maintained by using a higher-level security 
protocol, such as encrypted email or SSL, to protect the 
communications among the consumer and the issuer 
gateway, the consumer and the merchant, the issuer gateway 
and the merchant, and, if applicable, the merchant and the 
acquirer. 

50. A method for electronic commerce, comprising: 
forming a four party payment protocol for electronic sales, the 
four party payment protocol including a consumer's computer 
coupled to a merchant's computer and to an issuing bank 
computer via an issuer gateway, the merchant computer being 
further coupled to an acquirer bank computer; 
sending from the merchant's computer over an internet network 
to the consumer's computer, a merchant message including a 
wallet initiation message, [and a digital certificate of a 
merchant provided by an acquiring bank,] said wallet initiation 
message including a payment amount, an order description, a 
merchant identifier and a timestamp; 
starting a consumer's wallet program in said consumer's 
computer in response to said wallet initiation message; 
sending from said consumer's computer consumer identity and 
authentication information and said merchant message, to the 
issuer gateway for an issuing bank; 

the issuing bank creating a reference number or value 
representing the consumer's credit or debit card number by 
preparing a table of credit card or debit card numbers and a 
corresponding table of reference numbers, the issuing bank 
pairing the consumer's card number with a selected reference 
number and outputting the reference number to the issuer 
gateway; 

verifying at said issuer gateway that the merchant and issuer 
share a common financial arrangement; 
said issuer gateway verifying the consumer's account and 
ensuring that funds and/or credit are available to support the 
payment amount, then authorizing payment by sending over 
said internet network an authorization token, an issuer's digital 
certificate, said wallet initiation message, and a reference to 
said consumer's credit or debit card number; 
said authorization token including the payment amount, order 
description, timestamp, a random nonce plus a merchant 
identifier and a reference to the consumer's credit or debit card 
number; 

said merchant's computer receiving said authorization token 
and fulfilling said order description; and 
sending a capture request message including the reference 
number representing the consumer's card number over the 
internet from the merchant to an acquirer gateway operating on 
behalf of an acquirer bank to capture the transaction and 
disburse payment to the merchant. 

51. The method of claim 50 further comprising: 
providing the merchant's digital signature and matching 
certificate to the consumer's computer. 
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52. The method of claim 50 further comprising: 
the issuer gateway signing the authorization token. 

53. A system for electronic commerce, comprising: 
means for forming a four party payment protocol for 

electronic sales, the four party payment protocol 
including a consumer's computer coupled to a mer- 
chant's computer and to an issuing bank computer via 
an issuer gateway, the merchant computer being further 
coupled to an acquirer bank computer; 

the merchant's computer sending over an internet network 
to the consumer's computer, a merchant message 
including a wallet initiation message, and a digital 
certificate of a merchant provided by an acquiring 
bank, said wallet initiation message including a pay- 
ment amount, an order description, a merchant identi- 
fier and a timestamp; 

a consumer's wallet program in said consumer's com- 
puter responsive to said wallet initiation message, for 
sending from said consumer's computer consumer 
identity and authentication information and said mer- 
chant message, to the issuer gateway for an issuing 
bank; 

the issuing bank creating a reference number or value 
representing the consumer's credit or debit card num- 
ber by preparing a table of credit card or debit card 
numbers and a corresponding table of reference 
numbers, the issuing bank pairing the consumer's card 
number with a selected reference number and output- 
ting the reference number to the issuer gateway; 

the issuer gateway verifying that the merchant and issuer 
share a common financial arrangement; 

said issuer gateway verifying the consumer's account and 
ensuring that funds and/or credit are available to sup- 
port the payment amount, then authorizing payment by 
sending over said internet network an authorization 
token, an issuer's digital certificate, said wallet initia- 
tion message, and a reference to said consumer's credit 
or debit card number; 

said authorization token including the payment amount, 
order description, timestamp, a random nonce plus a 
merchant identifier and a reference to the consumer's 
credit or debit card number; 

said merchant's computer receiving said authorization 
token and fulfilling said order description; and 

settling apparatus which settles accounts with the issuing 
bank by the acquiring bank over a private network by 
sending a settlement message that includes the refer- 
ence number to the consumer's card number. 

54. The system of claim 53 further comprising: 
means for providing the merchant's digital signature and 

matching certificate to the consumer's computer; and 
means for the issuing gateway to sign the authorization 
token. 
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55. A method of operating a four party payment protocol 
in accordance with a gateway associated with an issuing bank, 
the method comprising the steps of: 

receiving at the gateway, from a computer of a consumer, 
information associated with the consumer computer and a 
message associated with a computer of a merchant with which 
the consumer computer is engaging in a transaction, the 
merchant message comprising a wallet initiation message, the 
wallet initiation message comprising a payment amount an 
order description, a merchant identifier and a timestamp; 

receiving at the gateway, from the issuing bank, a 
reference number, the reference number having been created by 
the issuing bank and representing a credit card number or a 
debit card number of the consumer, the issuing bank 
maintaining a table of credit card numbers or debit card 
numbers and corresponding reference numbers wherein the 
consumer's card number is paired with the reference number; 

verifying at the gateway an account of the consumer and 
ensuring that at least one of funds and credit is available to 
support the payment amount; and 

authorizing payment by sending an authorization token, 
the authorization token comprising the payment amount, the 
order description, the merchant identifier, the timestamp, and 
the reference number, such that the merchants computer will 
be able to receive the authorization token and initiate 
fulfillment of the order description, send a capture request 
message comprising the reference number, for receipt by an 
acquirer bank, so as to capture the transaction and disburse 
payment to the merchant, and further wherein the issuing bank, 
in response to a message from the acquirer bank, will be able 
to convert the reference number into the consumer's credit card 
number or debit card number and apply the payment amount to 
a balance in the account of the consumer. 

56. The method of claim 55, wherein the gateway 
associated with the issuing bank sends the authorization token 
to the merchant computer via the consumer computer. 

57. The method of claim 55, wherein the gateway 
associated with the issuing bank sends the authorization token 
directly to the merchant computer. 

58. The method of claim 55, further comprising the step 
of the gateway associated with the issuing bank signing the 
authorization token. 

59. Apparatus for use in a gateway, associated with an 
issuing bank, for operating a four party payment protocol, the 
apparatus comprising: 

a memory, and 

at least one processor coupled to the memory and 
operative to: (i) receive at the gateway, from a computer of a 
consumer, information associated with the consumer computer 
and a message associated with a computer of a merchant with 
which the consumer computer is engaging in a transaction, the 
merchant message comprising a wallet initiation message, the 
wallet initiation message comprising a payment amount, an 
order description, a merchant identifier and a timestamp; (ii) 
receive at the gateway, from the issuing bank, a reference 
number, the reference number having been created by the 
issuing bank and representing a credit card number or a debit 
card number of the consumer, the issuing bank maintaining a 
table of credit card numbers or debit card numbers and 
corresponding reference numbers wherein the consumer's card 
number is paired with the reference number, (in) verify at the 
gateway an account of the consumer and ensure that at least 
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one of funds and credit is available to support the payment 
amount; and (iv) authorize payment by sending an 
authorization token, the authorization token comprising the 
payment amount the order description, the merchant identifier, 
the timestamp, and the reference number, such that the 
merchant's computer will be able to receive the authorization 
token and initiate fulfillment of the order description, send a 
capture request message comprising the reference number, for 
receipt by an acquirer bank, so as to capture the transaction and 
disburse payment to the merchant and further wherein the 
issuing bank, in response to a message from the acquirer bank, 
will be able to convert the reference number into the 
consumer's credit card number or debit card number and apply 
the payment amount to a balance in the account of the 
consumer. 

60. A computer program product for operating a four 
party payment protocol in accordance with a gateway 
associated with an issuing bank, the computer program product 
comprising: 

computer program code for receiving at the gateway, from 
a computer of a consumer, information associated with the 
consumer computer and a message associated with a computer 
of a merchant with which the consumer computer is engaging 
in a transaction, the merchant message comprising a wallet 
initiation message, the wallet initiation message comprising a 
payment amount an order description, a merchant identifier 
and a timestamp; 

computer program code for receiving at the gateway, from 
the issuing bank, a reference number, the reference number 
having been created by the issuing bank and representing a 
credit card number or a debit card number of the consumer, the 
issuing bank maintaining a table of credit card numbers or 
debit card numbers and corresponding reference numbers 
wherein the consumer's card number is paired with the 
reference number, 

computer program code for verifying at the gateway an 
account of the consumer and ensuring that at least one of funds 
and credit is available to support the payment amount; and 

computer program code for authorizing payment by 
sending an authorization token, the authorization token 
comprising the payment amount the order description, the 
merchant identifier, the timestamp, and the reference number, 
such that the merchant's computer will be able to receive the 
authorization token and initiate fulfillment of the order 
description, send a capture request message comprising the 
reference number, for receipt by an acquirer bank, so as to 
capture the transaction and disburse payment to the merchant 
and further wherein the issuing bank, in response to a message 
from the acquirer bank, will be able to convert the reference 
number into the consumer's credit card number or debit card 
number and apply the payment amount to a balance in the 
account of the consumer. - 

61 . A method of operating a four party payment protocol 
in accordance with a computer of a merchant the method 
comprising the steps of: 

sending a message from the merchant computer to a 
computer of a consumer with which the merchant computer is 
engaging in a transaction, the merchant message comprising a 
wallet initiation message, the wallet initiation message 
comprising a payment amount an order description, a 
merchant identifier and a timestamp, such that the merchant 
message will be sent to a gateway associated with an issuing 
bank, via the consumer computer, along with information 
associated with the consumer computer. 
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receiving at the merchant computer an authorization 
token sent by the gateway after the gateway has verified an 
account of the consumer and ensured that at least one of funds 
and credit is available to support the payment amount, the 
authorization token comprising the payment amount the order 
description, the merchant identifier, the timestamp, and a 
reference number, the reference number having been created by 
the issuing bank and representing a credit card number or a 
debit card number of the consumer, the issuing bank 
maintaining a table of credit card numbers or debit card 
numbers and corresponding reference numbers wherein the 
consumer's card number is paired with the reference number, 

initiating fulfillment of the order description at the 
merchant computer, and 

sending, from the merchant computer to an acquirer bank, 
a capture request message comprising the reference number, so 
as to capture the transaction and disburse payment to the 
merchant wherein the issuing bank, in response to a message 
from the acquirer bank, will be able to convert the reference 
number into the consumer's credit card number or debit card 
number and apply the payment amount to a balance in the 
account of the consumer. 

62. Apparatus for use in a computer of a merchant for 
operating a four party payment protocol, the apparatus 
comprising: 

a memory; and 

at least one processor coupled to the memory and 
operative to: (i) send a message from the merchant computer to 
a computer of a consumer with which the merchant computer 
is engaging in a transaction, the merchant message comprising 
a wallet initiation message, the wallet initiation message 
comprising a payment amount an order description, a 
merchant identifier and a timestamp, such that the merchant 
message will be sent to a gateway associated with an issuing 
bank, via the consumer computer, along with information 
associated with the consumer computer, (ii) receive at the 
merchant computer an authorization token sent by the gateway 
after the gateway has verified an account of the consumer and 
ensured that at least one of funds and credit is available to 
support the payment amount the authorization token 
comprising the payment amount the order description, the 
merchant identifier, the timestamp, and a reference number, the 
reference number having been created by the issuing bank and 
representing a credit card number or a debit card number of the 
consumer, the issuing bank maintaining a table of credit card 
numbers or debit card numbers and corresponding reference 
numbers wherein the consumer's card number is paired with 
the reference number, (lip initiate fulfillment of the order 
description at the merchant computer, and (iv) send, from the 
merchant computer to an acquirer bank, a capture request 
message comprising the reference number, so as to capture the 
transaction and disburse payment to the merchant wherein the 
issuing bank, in response to a message from the acquirer bank, 
will be able to convert the reference number into the 
consumer's credit card number or debit card number and apply 
the payment amount to a balance in the account of the 
consumer. 

63, A computer program product for operating a four 
party payment protocol in accordance with a computer of a 
merchant the computer program product comprising: 

computer program code for sending a message from the 
merchant computer to a computer of a consumer with which 
the merchant computer is engaging in a transaction, the 
merchant message comprising a wallet initiation message, the 
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wallet initiation message comprising a payment amount an 
order description, a merchant identifier and a timestamp, such 
that the merchant message will be sent to a gateway associated 
with an issuing bank, via the consumer computer, along with 
information associated with the consumer computer, 

computer program code for receiving at the merchant 
computer an authorization token sent by the gateway after the 
gateway has verified an account of the consumer and ensured 
that at least one of funds and credit is available to support the 
payment amount the authorization token comprising the 
payment amount the order description, the merchant identifier, 
the timestamp, and a reference number, the reference number 
having been created by the issuing bank and representing a 
credit card number or a debit card number of the consumer, the 
issuing bank maintaining a table of credit card numbers or 
debit card numbers and corresponding reference numbers 
wherein the consumer's card number is paired with the 
reference number, 

computer program code for initlatmR fulfillment of the 
order description at the merchant computer, and 

computer program code for sending, from the merchant 
computer to an acquirer bank, a capture request message 
comprising the reference number, so as to capture the 
transaction and disburse payment to the merchant wherein the 
issuing bank, in response to a message from the acquirer bank, 
will be able to convert the reference number into the 
consumer's credit card number or debit card number and apply 
the payment amount to a balance in the account of the 
consumer. 

64. A method of providing at least a part of a four party 
payment service, the part of the service being provided in 
accordance with a gateway associated with an issuing bank, the 
method comprising the steps of: 

receiving at the gateway, from a computer of a consumer, 
information associated with the consumer computer and a 
message associated with a computer of a merchant with which 
the consumer computer is engaging in a transaction, the 
merchant message comprising a wallet initiation message, the 
wallet initiation message comprising a payment amount an 
order description, a merchant identifier and a timestamp; 

receiving at the gateway/from the issuing bank, a 
reference number, the reference number having been created by 
the issuing bank and representing a credit card number or a 
debit card number of the consumer, the issuing bank 
maintaining a table of credit card numbers or debit card 
numbers and corresponding reference numbers wherein the 
consumer's card number is paired with the reference number, 

verifying at the gateway an account of the consumer and 
ensuring that at least one of funds and credit is available to 
support the payment amount; and 

authorizing payment by sending an authorization token, 
the authorization token comprising the payment amount the 
order description, the merchant identifier, the timestamp, and 
the reference number, such that the merchant's computer will 
be able to receive the authorization token and initiate 
fulfillment of the order description, send a capture request 
message comprising the reference number, for receipt by an 
acquirer bank, so as to capture the transaction and disburse 
payment to the merchant and further wherein the issuing bank, 
in response to a message from the acquirer bank, will be able 
to convert the reference number into the consumer's credit card 
number or debit card number and apply the payment amount to 
a balance in the account of the consumer. 
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65. A method of providing at least a part of a four party 
payment service, the part of the service being provided in 
accordance with a computer of a merchant, the method 
comprising the steps of: 

sending a message from the merchant computer to a 
computer of a consumer with which the merchant computer is 
engaging in a transaction, the merchant message comprising a 
wallet initiation message, the wallet initiation message 
comprising a payment amount, an order description, a 
merchant identifier and a timestamp, such that the merchant 
message will be sent to a gateway associated with an issuing 
bank, via the consumer computer, along with information 
associated with the consumer computer, 

receiving at the merchant computer an authorization 
token sent by the gateway after the gateway has verified an 
account of the consumer and ensured that at least one of funds 
and credit is available to support the payment amount, the 
authorization token comprising the payment amount the order 
description, the merchant identifier, the timestamp, and a 
reference number, the reference number having been created by 
the issuing bank and representing a credit card number or a 
debit card number of the consumer, the issuing bank 
maintaining a table of credit card numbers or debit card 
numbers and corresponding reference numbers wherein the 
consumers card number is paired with the reference number, 

initiating fulfillment of the order description at the 
merchant computer, and 

sending, from the merchant computer to an acquirer bank, 
a capture request message comprising the reference number, so 
as to capture the transaction and disburse payment to the 
merchant, wherein the issuing bank, in response to a message 
from the acquirer bank, will be able to convert the reference 
number into the consumer's credit card number or debit card 
number and apply the payment amount to a balance in the 
account of the consumer. 

66. A method of operating a four party payment protocol 
in accordance with a gateway associated with an issuing bank, 
the method comprising the steps of: 

receiving at the gateway, from a computer of a consumer, 
information associated with the consumer computer and a 
message associated with a computer of a merchant with which 
the consumer computer is engaging in a transaction, the 
merchant message comprising a wallet initiation message, the 
wallet initiation message comprising a payment amount, an 
order description, a merchant identifier and a timestamp; 

receiving at the gateway, from the issuing bank, a 
reference number, the reference number having been created by 
the issuing bank and representing a credit card number or a 
debit card number of the consumer, the issuing bank 
maintaining a mapping of credit card numbers or debit card 
numbers and corresponding reference numbers wherein the 
consumer's card number is paired with the reference number; 

verifying at the gateway an account of the consumer and 
ensuring that at least one of funds and credit is available to 
support the payment amount; and 

authorizing payment by sending an authorization token, 
the authorization token comprising the payment amount, the 
order description, the merchant identifier, the timestamp, and 
the reference number, such that the merchant's computer will 
be able to receive the authorization token and initiate 
fulfillment of the order description, send a capture request 
message comprising the reference number, for receipt by an 
acquirer bank, so as to capture the transaction and disburse 
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payment to the merchant and further wherein the issuing bank, 
in response to a message from the acquirer bank, will be able 
to convert the reference number into the consumer's credit card 
number or debit card number and apply the payment amount to 
a balance in the account of the consumer. 

67. A method of operating a four party payment protocol 
in accordance with a computer of a merchant, the method 
comprising the steps of: 

sending a message from the merchant computer to a 
computer of a consumer with which the merchant computer is 
engaging in a transaction, the merchant message comprising a 
wallet initiation message, the wallet initiation message 
comprising a payment amount, an order description, a 
merchant identifier and a timestamp, such that the merchant 
message will be sent to a gateway associated with an issuing 
bank, via the consumer computer, along with information 
associated with the consumer computer, 

receiving at the merchant computer an authorization 
token sent by the gateway after the gateway has verified an 
account of the consumer and ensured that at least one of funds 
and credit is available to support the payment amount, the 
authorization token comprising the payment amount the order 
description, the merchant identifier, the timestamp, and a 
reference number, the reference number having been created by 
the issuing bank and representing a credit card number or a 
debit card number of the consumer, the issuing bank 
maintaining a mapping of credit card numbers or debit card 
numbers and corresponding reference numbers wherein the 
consumer's card number is paired with the reference number, 

initiating fulfillment of the order description at the 
merchant computer, and 

sending, from the merchant computer to an acquirer bank, 
a capture request message comprising the reference number, so 
as to capture the transaction and disburse payment to the 
merchant, wherein the issuing bank, in response to a message 
from the acquirer bank, will be able to convert the reference 
number into the consumer's credit card number or debit card 
number and apply the payment amount to a balance in the 
account of the consumer. 



